Threat Intelligence Services
----------------------------
In this lesson, you will learn how security vendors collect threat information from
various sources and provide access to that collected knowledge to detect not only
malware, but all sorts of bad behaviors.

Question 1
In the early days of threat intelligence services, in which three timeframes were
vendor updates released? (Choose three.)
Select one or more:
Monthly [CORRECT ANSWER]
Every week
Quarterly [CORRECT ANSWER]
Once a year [CORRECT ANSWER]
Twice a year

Question 2
Which statement about cyber-attacks is true?
Select one:
Security products and threat intelligence services that can act together in real
time stand the best chance of stopping these attacks. [CORRECT ANSWER]
There is no secrecy within security vendors and all information is shared.
It is important that individuals become more aware of and knowledgeable about any
attacks.
Sharing intelligence among security vendors is the best way to fight threats.
As bad actors continue to evolve, it is important to invest in expensive security
products.

Question 3
What happened when malware became more sophisticated and able to change its own
file content?
Select one:
A single type of malware became an entire malware family, consisting of perhaps
thousands of different files, but each file performing the same bad behaviors.
[CORRECT ANSWER]
Malware signatures did not change, and it was not able to sneak by older antivirus
products.
One new type of malware was detected per year, resulting in the growth of the
malware family.
A single type of malware did not multiply and no bad behavior was detected.
Less sophisticated malware was still able to evade classic signature-based
scanning.

Question 4
Which are three functions of sandboxing? (Choose three.)
Select one or more:
Sandboxes can send the details to the vendor’s threat intelligence service so that
the details can be shared worldwide. [CORRECT ANSWER]
Depending on the configuration, the owner of the sandbox can propagate this new
knowledge across their network security environment. [CORRECT ANSWER]
After some time, if nothing malicious is detected in the quarantined files, the
sandbox declares them as safe and releases them from quarantine.
Sandboxing products take a suspect file and place it in an environment where its
behaviors can be closely analyzed. [CORRECT ANSWER]
Sandboxing quarantines suspicious files and immediately flags them as malware.

Question 5
What happens when each known malware file is represented by a one-to-one signature
approach?
Select one:
The malware count increases daily; however, it can be detected early by a one-to-one
signature approach.
It does not scale well, because the number of malware files increases by millions
or more each day. [CORRECT ANSWER]
Malware-as-a-service organizations provide do-it-yourself malware kits as a
solution.
There are more vendor organizations that are able to keep up with the increasing
number of malware files.
The variations of malware are easily detected thanks to the affordability of
malware kits.

ATTEMPT #2

Question 5
The threat intelligence service catalogs data about existing or emerging attacks,
including the specific mechanisms of the attack, and evidence that the attack has
happened.
What is this data also known as?
Select one:
Indicators of compromise [CORRECT ANSWER]
Machine learning
Intelligence catalogs
Sandboxing
Artificial intelligence
